Possible crash when parsing Auth-Digest header
================================================
Description
-------------
A typo in the header parsing code leads to access of memory outside of the
original boundaries and later in the function to memory corruption. Under
very complex situations remote code execution might be possible.
mod_auth is not loaded by default and it needs to be configured to be used.
Bug reported by Stefan Esser.
Affected versions
-------------------
All previous versions.
Solutions or Workaround
-------------------------
There is no known workaround. Please update to 1.4.16 or apply
lighttpd-1.4.x_mod_auth_sec.patch. The patch fixes also:
lighttpd_sa2007_04
lighttpd_sa2007_05
lighttpd_sa2007_06
lighttpd_sa2007_07